Nine researchers were paid a total of $14,000 in bug bounties for bringing the Chrome bugs to Google’s attention. The company then promptly patched them last Monday.
Pwn2Own, an annual hacking contest that takes place at the CanSecWest security conference in Vancouver, British Columbia, was most likely the trigger for the updates, for Google fixed security flaws a week before last year’s Pwn2Own contest as well.
16 flaws with a rating of “high” and three with a rating of “medium” were taken care of, the former of which being the second highest ranking in terms of severity in Google’s threat system. This brought Google Chrome to version 9.0.597.107.
Luckily, not a single one of the bugs were deemed as “critical” by Google. This means that none of the bugs would have allowed an attacker to possibly circumvent Chrome’s sandbox. Two such sandbox bugs have already been quashed in Google Chrome this year.
As is the case with every such update, the bug tracking database that Google uses was locked to prevent outsiders from seeing the technical details of the vulnerabilities. Google tends to unlock it after several weeks or months so users would have more time to update their web browser.
About (Author Profile)
Being passionate about software, Armin joined FavBrowser.com in early 2011 and has been actively writing ever since. Having accepted the challenge, he also enjoys watching anime, indulging in good books, staying fit and healthy, and trying new things.